I have Cisco Secure ACS installed on Windows2000
Server.I have tried using the same for TACACS+ Server
wherein on a router Ihave made the entries such as
under.
aaa new-model
aaa authentication login group1 group tacacs+
aaa authentication ppp default group tacacs+
aaa authentication ppp group1 group tacacs+
tacacs-server host 129.1.0.42
tacacs-server key ciscosecure
With a user xyz created on Ciscosecure I am able to
logon to router,but the authorisation does not takes
place.I have already put necessary commands on router
as under.
aaa authorization config-commands
aaa authorization commands 1 group1 if-uthenticated
group tacacs+
aaa authorization commands 2 default if-authenticated
aaa authorization network group1 if-authenticated
group tacacs+
On Ciscosecure ACS I tried under user setup, for user
xyz , in Advanced TACACS+ settings
/TACACS ENABLE PASSWORD
Use Tacacs enable password selected ,but it does not
accept this enable password. Also in Tacacs+ settings
under shell command authorisation ,using per user
command authorisation and assigning the command
(configure for example ) with necessary arguments(
deny terminal for example )I shouls have not been
allowed to enter into config mode. But it allows me (
user XYZ ) to enter into config mode. What could have
been the problem .Can someone guide me ?
In short the authentication part is working but not
authorisation .
Thanks in advance.
Piyush
________________________________________________________________________
Missed your favourite TV serial last night? Try the new, Yahoo! TV.
visit http://in.tv.yahoo.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56276&t=56276
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
